Feature spotlights

Automated discovery and classification

Automatically discover sensitive data from across your entire heterogeneous environment so that you can classify it and begin protecting it.

Automated analytics

Automatically analyze risks to sensitive data, from uncovering risky or suspicious user access patterns to uncovering malicious stored procedures or SQL injections, so that you can take action and safeguard sensitive data.

Vulnerability assessment

Scan data environments (databases, data warehouses, big data platforms) to detect vulnerabilities and suggest remedial actions. Identify exposures such as missing patches, weak passwords, unauthorized access and changes, misconfigured privileges, and other vulnerabilities, see full reports, and understand progress over time. Vulnerability assessment supports Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Database as a Service (DBaaS) environments.

Data activity monitoring

Continuous real-time monitoring, combined with cognitive analytics and proprietary algorithms, help discover unusual activity related to sensitive data, prevent unauthorized data access, provide alerts on suspicious activities, and protect against internal and external threats. Data is monitored and protected across the enterprise – from on-prem databases and DBaaS to big data platforms and cloud environments.

Blocking, masking, alerting and quarantining

Protect sensitive data at rest and in motion in the manner that best meets the needs of your security policies. Apply static or dynamic data masking. Dynamically block user access to data, or quarantine suspicious user IDs. Send real time alerts to the security team for immediate follow-up on risky or unusual user behavior or access patterns.

Automated compliance and audit support

Aggregate and normalize audit data throughout the enterprise for compliance reporting, correlation, and forensics without requiring native database audit functions. Have audit-friendly data access audit trail supporting separation of duties, and benefit from customizable compliance workflow automation to generate and distribute reports for sign-off and escalation. Pre-packaged, regulation-specific 'accelerators' (such as the GDPR Accelerator) are also included.

Cloud-ready images for major cloud venders

Leverage fully tested and supported images for most major cloud venders. IBM can easily share these images to speed up deployment, so users may start protecting cloud data managed in Infrastructure as a Service (IaaS) environments.

Visibility and control for DBaaS

Monitors DBaaS deployments in AWS RDS and Azure MS SQL, then centralizes this information with activity data collected across your environment to provide a holistic and actionable view of data activities across on-premises and cloud enabled database services.

Support for container-based databases, including MongoDB

IBM Guardium Multi-Cloud Data Protection supports containerized databases, including MongoDB, to provide holistic visibility and protection of sensitive data across your hybrid and multi-cloud environments.

Integration with AWS Database Activity Streams (DAS)

IBM Guardium Multi-Cloud Data Protection expands its existing capabilities for protecting database services by integrating with AWS Database Activity Streams (DAS). IBM Guardium Multi-Cloud Data Protection can  monitor and audit Amazon Aurora database activity to quickly identify threats and generate alerts. The integration with AWS Database Activity Streams further helps you take a consistent, proactive approach to data protection across your hybrid and multi-cloud environment.

How customers use it

  • Address Cloud Data Security Challenges

    Address Cloud Data Security Challenges


    The amount of data being moved to the cloud continues to grow, but storing sensitive data in public clouds is a concern for most enterprises.


    IBM Security Guardium Multi-Cloud Data Protection provides a holistic data security platform for data in IBM Cloud, AWS, Oracle, Azure and hybrid deployment models with a single, centralized view and robust security controls.

  • Analyze Data and Gain Visibility

    Analyze Data and Gain Visibility


    Because data is constantly changing, moving, and being accessed by new users, it can be difficult to understand what data you have, how it is being used, and if either of these things put you at risk from a security or compliance perspective.


    Guardium automatically discovers critical data and uncovers risk, providing visibility into all transactions and protocols across platforms and users.

  • Protect Critical Data

    Protect Critical Data


    Insider threat and external attacks pose dangers to data; but traditional approaches can’t enforce separation of duties, recognize suspicious activity in real time, or help you act. Compliance mandates and potential audits increase complexity.


    Guardium enables complete protection for sensitive data via real-time capabilities including monitoring, alerting, blocking and quarantining, along with compliance automation to streamline operations and reduce risk of audit failure.

  • Adapt to Changing Environments and Requirements

    Adapt to Changing Environments and Requirements


    Constantly expanding environments, new platforms, evolving compliance requirements and dynamic users make data protection a complex challenge.


    Guardium seamlessly handles changes within your IT environment, enabling you to secure new data sources, expand your deployment, or add new users. This flexible, tiered approach allows you to reduce costs while protecting your most critical assets.

Buy now and get started